
SAS 9.4 Intelligence Platform: Overview, Second Edition, 2nd Edition by


For a comprehensive discussion of security and detailed information about security
administration activities, see the SAS Intelligence Platform: Security Administration
Guide and the SAS Guide to Metadata-Bound Libraries, which are available at
http://support.sas.com/94administration.

Authorization and Permissions Overview

Metadata-Based Authorization

Authorization is the process of determining which users have which permissions for
which resources. The SAS Intelligence Platform includes an authorization mechanism
that consists of access controls that you define and store in a metadata repository. These
metadata-based controls supplement protections from the host environment and other
systems. You can use the metadata authorization layer to manage access to the following
resources:

- almost any metadata object (for example, reports, data definitions, information maps,
  jobs, stored processes, and server definitions)
- OLAP data
- relational data (depending on the method by which the data is accessed)

You can set permissions at several levels of granularity:

- Repository-level controls provide default access controls for objects that have no
  other access controls defined.
- Resource-level controls manage access to a specific item such as a report, an
  information map, a stored process, a table, a column, a cube, or a folder. The controls
  can be defined individually (as explicit settings) or in patterns (by using access
  control templates).
- Fine-grained controls affect access to subsets of data within a resource. You can use
  these controls to specify who can access particular rows within a table or members
  within a cube dimension.

You can assign permissions to individual users or to user groups. Each SAS user has an
identity hierarchy that starts with the user's individual SAS identity and can include
multiple levels of nested group memberships.
The effect of a particular permission setting is influenced by any related settings that
have higher precedence. For example, if a report inherits a grant from its parent folder
but also has an explicit denial, the explicit setting determines the outcome.
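
The precedence rule above, modelled in Python as an added example (not SAS code and not from the book): settings defined on a resource are checked before inherited ones, and the repository-level default applies only when nothing else is defined. The nearest-identity-first ordering, the deny-on-conflict rule, the deny fallback, and every name in the sample data are assumptions of this model.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Resource:
    name: str
    parent: Optional["Resource"] = None
    # Settings defined directly on this resource: {(identity, permission): True=grant / False=deny}
    settings: dict = field(default_factory=dict)

def identity_levels(user, memberships):
    """Identity hierarchy: the user first, then each level of nested groups."""
    levels, seen, current = [], {user}, [user]
    while current:
        levels.append(current)
        parents = [g for i in current for g in memberships.get(i, [])]
        current = [g for g in dict.fromkeys(parents) if g not in seen]
        seen.update(current)
    return levels

def setting_on(resource, levels, permission):
    """Setting defined on this resource for the nearest identity level, or None."""
    for level in levels:
        found = [resource.settings[(i, permission)] for i in level
                 if (i, permission) in resource.settings]
        if found:
            return all(found)  # assumption: a same-level conflict resolves to deny
    return None

def authorize(resource, user, memberships, permission, repository_default):
    """Return (allowed, source). Settings on the resource beat inherited ones;
    the repository-level default applies only when nothing else is defined."""
    levels, node = identity_levels(user, memberships), resource
    while node is not None:
        decision = setting_on(node, levels, permission)
        if decision is not None:
            return decision, node.name
        node = node.parent
    # Assumption: a permission with no default at all is denied.
    return repository_default.get(permission, False), "repository default"

# Constructed sample data (all names are hypothetical)
MEMBERSHIPS = {"alice": ["EMEA Analysts"], "EMEA Analysts": ["Analysts"], "bob": ["Analysts"]}
REPO_DEFAULT = {"ReadMetadata": False}
folder = Resource("/Reports", settings={("Analysts", "ReadMetadata"): True})
q3 = Resource("Q3 Sales", folder, {("Analysts", "ReadMetadata"): False})  # explicit denial
q4 = Resource("Q4 Sales", folder)                                         # inherits only

if __name__ == "__main__":
    for res, who in [(q3, "alice"), (q4, "alice"), (q4, "bob"), (q4, "carol")]:
        print(res.name, who, authorize(res, who, MEMBERSHIPS, "ReadMetadata", REPO_DEFAULT))
```

Returning the source of each decision alongside the result makes it easy to audit which level (the resource, a parent folder, or the repository default) actually decided a given user's access.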
The available metadata-based permissions are summarized in the following table.

Table 7.1 Metadata-Based Permissions

Permissions | Use
ReadMetadata, WriteMetadata, WriteMemberMetadata, CheckInMetadata | Use to control user interactions with a metadata object.
